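# Build stage: installs the production dependencies so the runtime stage can
# copy node_modules without running npm itself.
# NOTE(review): node:18-alpine is a floating tag; pinning it by digest would make
# the build reproducible and guard against a silently changed base image.
FROM node:18-alpine AS builder

WORKDIR /app

# Copy only the manifests first so the install layer stays cached until
# package.json / package-lock.json change.
COPY plugins/apps-js/package*.json ./

# npm ci installs from the lockfile. --omit=dev is the current spelling of the
# deprecated --only=production and skips devDependencies.
RUN npm ci --omit=dev && npm cache clean --force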

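# Runtime stage: production node_modules from the builder plus the application
# source, run as an unprivileged user.
# NOTE(review): node:18-alpine is a floating tag; consider pinning it by digest.
FROM node:18-alpine

WORKDIR /app

# curl is used by the container HEALTHCHECK.
RUN apk add --no-cache curl

# Create the unprivileged runtime account before copying files so that
# COPY --chown can resolve it. -G makes nodejs the account's primary group,
# matching the ownership applied below. WORKDIR created /app as root, so the
# directory itself is handed to the runtime user here; a recursive chown after
# the copies would duplicate every copied file in an extra layer.
RUN addgroup -g 1001 -S nodejs && \
    adduser -S -u 1001 -G nodejs nodejs && \
    chown nodejs:nodejs /app

# Production dependencies installed in the builder stage.
COPY --from=builder --chown=nodejs:nodejs /app/node_modules ./node_modules

# Application code.
# NOTE(review): this copies everything under plugins/apps-js/ from the build
# context. Confirm that a .dockerignore excludes local node_modules, .env files
# and other credentials so they are not overlaid on, or shipped in, the image.
COPY --chown=nodejs:nodejs plugins/apps-js/ .

# Drop root for everything that follows, including the running container.
USER nodejs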

# Build-time inputs (--build-arg) that are copied into the image environment.
#
# SECURITY NOTE(review): every ARG below is assigned to an ENV, and ENV values
# are stored in the image configuration. Anyone who can pull or inspect the
# image can read them (`docker inspect`, `docker history`), so the API keys,
# passwords and secrets listed here ship with every copy of the image.
# Preferred handling: build without the secret values and supply them when the
# container starts (`docker run --env-file`, or the orchestrator's secret
# store). Rotate any credential that was already built into a pushed image.

# Endpoints and identifiers
ARG BASE_URL
ARG GOOGLE_CLIENT_ID
ARG GOOGLE_REDIRECT_URI
ARG GOOGLE_CALLBACK_URL
ARG SUPABASE_URL
ARG UPSTASH_REDIS_HOST
ARG UPSTASH_REDIS_PORT
ARG OMI_APP_ID
ARG DECK_APP_ID

# Credentials (see the security note above)
ARG OPENAI_API_KEY
ARG OPENROUTER_API_KEY
ARG SLIDESGPT_API_KEY
ARG UPSTASH_REDIS_PASSWORD
ARG JWT_SECRET
ARG GOOGLE_CLIENT_SECRET
ARG SUPABASE_KEY
ARG OMI_APP_SECRET
ARG DECK_APP_SECRET

# Fixed runtime settings
ENV PORT=8080 \
    NODE_ENV=production

# Values taken from the build arguments declared above
ENV OPENAI_API_KEY=$OPENAI_API_KEY \
    OPENROUTER_API_KEY=$OPENROUTER_API_KEY \
    UPSTASH_REDIS_HOST=$UPSTASH_REDIS_HOST \
    UPSTASH_REDIS_PASSWORD=$UPSTASH_REDIS_PASSWORD \
    UPSTASH_REDIS_PORT=$UPSTASH_REDIS_PORT \
    JWT_SECRET=$JWT_SECRET \
    GOOGLE_CLIENT_ID=$GOOGLE_CLIENT_ID \
    GOOGLE_CLIENT_SECRET=$GOOGLE_CLIENT_SECRET \
    GOOGLE_REDIRECT_URI=$GOOGLE_REDIRECT_URI \
    GOOGLE_CALLBACK_URL=$GOOGLE_CALLBACK_URL \
    BASE_URL=$BASE_URL \
    SUPABASE_URL=$SUPABASE_URL \
    SUPABASE_KEY=$SUPABASE_KEY \
    OMI_APP_ID=$OMI_APP_ID \
    OMI_APP_SECRET=$OMI_APP_SECRET \
    DECK_APP_ID=$DECK_APP_ID \
    DECK_APP_SECRET=$DECK_APP_SECRET \
    SLIDESGPT_API_KEY=$SLIDESGPT_API_KEY

# Documents the container port (same value as PORT); EXPOSE does not publish it.
EXPOSE 8080/tcp

# Liveness probe: curl -f exits non-zero on an HTTP error status, which marks
# the container unhealthy after three consecutive failures.
HEALTHCHECK \
  --interval=30s \
  --timeout=3s \
  --start-period=5s \
  --retries=3 \
  CMD curl -f http://localhost:8080/health || exit 1

# Exec form, so no shell wraps the command.
# NOTE(review): npm becomes PID 1 and the application runs as its child; confirm
# that SIGTERM from `docker stop` reaches the app and shuts it down cleanly.
CMD ["npm", "start"]